Patent claims

1. A method for the computer-aided interchange of cryptographic keys between a first computer unit (U) and a second computer unit (N),

- in which a first value (g^t) is formed from a first random number (t) using a generating element (g) of a finite group in the first computer unit (U),

- in which a first message (M1) is transmitted from the first computer unit (U) to the second computer unit (N), the first message (M1) containing at least the first value (g^t),

- in which a session key (K) is formed in the second computer unit (N) using a first hash function (h1), a first input variable for the first hash function (h1) containing at least one first term which is formed by exponentiation of the first value (g^t) using a secret network key (s),

- in which the session key (K) is formed in the first computer unit (U) using the first hash function (h1), a second input variable for the first hash function (h1) containing at least one second term which is formed by exponentiation of a public network key (g^s) using the first random number (t),

- in which a fourth input variable is formed in the first computer unit (U) using a second hash function (h2) or the first hash function (h1), a third input variable for the first hash function (h1) or for the second hash function (h2) containing, for the purpose of forming the fourth input variable, one or more variables which can be used to infer the session key unambiguously,

- in which a signature term is formed in the first computer unit (U) from at least the fourth input variable using a first signature function (Sig_U),

- in which a third message (M3) is transmitted from the first computer unit (U) to the second computer unit (N), the third message (M3) containing at least the signature term from the first computer unit (U), and

- in which the signature term is verified in the second computer unit (N).
2. The method as claimed in claim 1, in which the secret network key and/or the public network key is/are long-service keys (long-term keys).

3. The method as claimed in claim 1 or 2, in which the third input variable contains a plurality of variables which can be used to infer the session key unambiguously.

4. The method as claimed in one of claims 1 to 3, in which the variable or the variables contains or contain at least the first value (g^t) and/or the public network key (g^s).

5. The method as claimed in one of claims 1 to 4,

- in which the first message (M1) contains an identity statement (id_CA) for a certification computer unit (CA) which delivers a network certificate (CertN) or a chain of certificates, the last of which is the network certificate (CertN), which can be verified by the first computer unit (U),

- in which a second message (M2) is transmitted from the second computer unit (N) to the first computer unit (U), the second message (M2) containing at least the network certificate (CertN) or the chain of certificates, the last of which is the network certificate (CertN), and

- in which the network certificate (CertN) or the chain of certificates, the last of which is the network certificate (CertN), is verified in the first computer unit (U).
6. The method as claimed in claim 5,

- in which a third message (M3) is transmitted from the first computer unit (U) to the second computer unit (N), the third message (M3) containing a user certificate (CertU) or a chain of certificates, the last of which is the user certificate (CertU), and

- in which the user certificate (CertU) or the chain of certificates, the last of which is the user certificate (CertU), is verified in the second computer unit (N).

7. The method as claimed in one of claims 1 to 6,

- in which the first message (M1) contains an identity variable (IMUI) for the first computer unit (U) and an identity statement (id_CA) for a certification computer unit (CA) which delivers to the first computer unit (U) a network certificate (CertN) which can be verified by the first computer unit (U),

- in which a fourth message (M4) is transmitted from the second computer unit (N) to the certification computer unit (CA), the fourth message (M4) containing at least the first value (g^t) as input variable, and

- in which a fifth message (M5), containing at least the network certificate (CertN) or a certificate chain, the last element of which is the network certificate (CertN), or the user certificate (CertU) or a certificate chain, the last element of which is the user certificate (CertU), is transmitted from the certification computer unit (CA) to the second computer unit (N).
8. The method as claimed in one of claims 1 to 7,

- in which a fourth message (M4) is transmitted from the second computer unit (N) to the certification computer unit (CA), the fourth message (M4) containing at least the public network key (g^s), the first value (g^t) and the identity variable (IMUI) for the first computer unit (U) as input variable, and an output variable from a third hash function (h3) being signed using a second signature function (Sig_N) to form a first signed term,

- in which the first signed term is verified in the certification computer unit (CA),

- in which a third term, containing at least the first value (g^t), the public network key (g^s) and an identity statement (id_N) for the second computer unit (N), is formed in the certification computer unit (CA),

- in which a hash value for the third term is formed in the certification computer unit (CA) using a fourth hash function (h4),

- in which the hash value for the third term is signed in the certification computer unit (CA) using a third signature function (Sig_CA),

- in which a network certificate (CertN) containing at least the third term and the signed hash value for the third term is formed in the certification computer unit (CA),

- in which the fourth hash function (h4) is applied in the certification computer unit (CA) to a fifth term, containing at least the identity statement (id_N) for the second computer unit (N) and a user certificate (CertU),

- in which the hash value for the fifth term is signed using the secret certification key (cs) by means of the third signature function (Sig_CA), and the result represents the second signed term,

- in which a fifth message (M5), containing at least the network certificate (CertN), the fifth term and the second signed term, is transmitted from the certification computer unit (CA) to the second computer unit (N),

- in which the network certificate (CertN) and the second signed term are verified in the second computer unit (N),

- in which a fourth term, containing at least the public network key (g^s) and the signed hash value for the third term, is formed in the second computer unit (N),

- in which a second message (M2) is transmitted from the second computer unit (N) to the first computer unit (U), the second message (M2) containing at least the fourth term, and

- in which the network certificate (CertN) is verified in the first computer unit (U).
9. The method as claimed in one of claims 1 to 8,

- in which the first message (M1) contains an identity variable (IMUI) for the first computer unit (U) and an identity statement (id_CA) for a certification computer unit (CA) which delivers to the first computer unit (U) a network certificate (CertN) or a chain of certificates, the last of which is the network certificate (CertN), which can be verified by the first computer unit (U),

- in which a fourth message (M4) is transmitted from the second computer unit (N) to the certification computer unit (CA), the fourth message (M4) containing at least one certificate for the public network key (g^s), the first value (g^t) and the identity variable (IMUI) for the first computer unit (U),

- in which a third term, containing at least the public network key (g^s) or a variable which determines the public network key (g^s) unambiguously, is formed in the certification computer unit (CA),

- in which a hash value for the third term is formed in the certification computer unit (CA) using a fourth hash function (h4),

- in which the hash value for the third term is signed in the certification computer unit (CA) using a third signature function (Sig_CA),

- in which a fifth message (M5), containing at least the signed hash value for the third term, is transmitted from the certification computer unit (CA) to the second computer unit (N),

- in which the signed hash value for the third term is verified in the second computer unit (N),

- in which a second message (M2) is transmitted from the second computer unit (N) to the first computer unit (U), the second message (M2) containing at least the signed hash value for the third term, and

- in which the signed hash value for the third term is verified in the first computer unit (U).
10. The method as claimed in claim 9, in which the third term contains a public user signature key (KU) or a variable which determines the user signature key (KU) unambiguously.

11. The method as claimed in claim 9 or 10, in which the fifth message (M5) and the second message (M2) have at least one chain of certificates.

12. The method as claimed in claim 8, in which the fifth term has a time stamp (TS).

13. The method as claimed in one of claims 9 to 12, in which the third term has a time stamp (TS).
14. The method as claimed in one of claims 7 to 13,

- in which an intermediate key (L) is formed in the first computer unit (U), before formation of the first message (M1), by exponentiation of a public key declaration key (g^u) using the first random number (t),

- in which a second encrypted term (VT2) is formed in the first computer unit (U), before formation of the first message (M1), from the identity variable (IMUI) for the first computer unit (U) by encrypting the identity variable (IMUI) with the intermediate key (L) using an encryption function (Enc),

- in which the first message (M1) contains the second encrypted term (VT2) instead of the identity variable (IMUI) for the first computer unit (U), and

- in which the fourth message (M4) contains the second encrypted term (VT2) instead of the identity variable (IMUI) for the first computer unit (U).



15. The method as claimed in one of claims 7 to 14, in which the network certificate (CertN) or a certificate chain, the last element of which is the network certificate (CertN), or the user certificate (CertU) or a certificate chain, the last element of which is the user certificate (CertU), is encrypted with the intermediate key (L) in the fifth message (M5).

16. The method as claimed in one of claims 7 to 15, in which at least one of the variables, namely the identity statement (id_N) for the second computer unit (N), the identity variable (IMUI) for the first computer unit (U), the public network key (g^s), the network certificate (CertN) or the user certificate (CertU), is checked in the certification computer unit (CA) using a revocation list.



17. The method as claimed in one of claims 1 to 16,

- in which the first message (M1) contains at least one old temporary identity variable (TMUIO) for the first computer unit (U),

- in which a new temporary identity variable (TMUIN) is formed for the first computer unit (U) in the second computer unit (N) after the first message (M1) has been received and before the second message (M2) is formed,

- in which a fifth encrypted term (VT5) is formed from the new temporary identity variable (TMUIN) for the first computer unit (U) by encrypting the new temporary identity variable (TMUIN) for the first computer unit (U) with the session key (K) using the encryption function (Enc),

- in which the second message (M2) contains at least the fifth encrypted term (VT5),

- in which the fifth encrypted term (VT5) is decrypted in the first computer unit (U) after the second message (M2) has been received and before the fourth input variable is formed,

- in which the third input variable for the first hash function (h1) or for the second hash function (h2) contains at least the new temporary identity variable (TMUIN) for the first computer unit (U) for the purpose of forming the fourth input variable, and

- in which the third message (M3) does not contain the identity variable (IMUI) for the first computer unit (U).
18. The method as claimed in one of claims 1 to 17,

- in which a response (A) containing information about the session key (K) is formed in the second computer unit (N),

- in which a second message (M2) is transmitted from the second computer unit (N) to the first computer unit (U), the second message (M2) containing at least the response (A), and

- in which the session key (K) is checked in the first computer unit (U) using the response (A).

19. The method as claimed in one of claims 1 to 18, in which the third message (M3) contains an identity variable (IMUI) for the first computer unit (U).

20. The method as claimed in one of claims 1 to 19,

- in which the first input variable for the first hash function (h1) contains at least one second random number (r) in the second computer unit (N),

- in which the second message (M2) contains the second random number (r), and

- in which the second input variable for the first hash function (h1) contains at least the second random number (r) in the first computer unit (U).



21. The method as claimed in one of claims 1 to 20, in which the variable or the variables as claimed in claim 3 contains or contain the second random number (r).



22. The method as claimed in one of claims 1 to 21,

- in which a second encrypted term (VT2) is formed in the first computer unit (U), before formation of the third message (M3), from the identity variable (IMUI) for the first computer unit (U) by encrypting at least the identity variable (IMUI) with the session key (K) using the encryption function (Enc),

- in which the third message (M3) contains the second encrypted term (VT2), and

- in which the second encrypted term (VT2) is decrypted in the second computer unit (N) after the third message (M3) has been received.
23. The method as claimed in one of claims 1 to 22,

- in which the second message (M2) contains an optional first data field (dat1), and

- in which the third input variable for the first hash function (h1) or for the second hash function (h2) contains at least the optional first data field (dat1) for the purpose of forming the fourth input variable.

24. The method as claimed in one of claims 1 to 23,

- in which a third encrypted term (VT3) is formed in the first computer unit (U), before formation of the third message (M3), by encrypting at least one optional second data field (dat2) with the session key (K) using the encryption function (Enc),

- in which the third message (M3) contains at least the third encrypted term (VT3), and

- in which the third encrypted term (VT3) is decrypted in the second computer unit (N) after the third message (M3) has been received.

25. The method as claimed in one of claims 1 to 24,

- in which a first encrypted term (VT1) is formed in the first computer unit (U), before formation of the third message (M3), by encrypting at least the signature term using the encryption function (Enc),

- in which the third message (M3) contains the first encrypted term (VT1), and

- in which the first encrypted term (VT1) is decrypted in the second computer unit (N) after the third message (M3) has been received and before the signature term is verified.

26. The method as claimed in one of claims 1 to 25, in which a response (A) is formed in the second computer unit (N) by encrypting a constant (const), and possibly further variables, which are known in the second computer unit (N) and in the first computer unit (U), with the session key (K) using the encryption function (Enc).

27. The method as claimed in one of claims 1 to 26, in which the response (A) is checked in the first computer unit (U) by encrypting a constant (const), and possibly further variables, with the session key (K) using the encryption function (Enc) and comparing the result with the response (A).

28. The method as claimed in one of claims 1 to 26, in which the response (A) is checked in the first computer unit (U) by decrypting the response (A) with the session key (K) using the encryption function (Enc) and comparing a decrypted constant (const') with a constant (const), and possibly further variables.
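The symmetric part of claims 17, 22 and 26 to 28, as an added example that is not code from the patent: after M1, N mints a new temporary identity and returns it encrypted under K together with the response A = Enc_K(const); U checks A, recovers TMUIN and sends its IMUI only encrypted under K, so M3 carries no plaintext IMUI. The claims name no cipher, so Enc is realised here with HMAC-SHA256 as a counter-mode keystream plus an encrypt-then-MAC tag (a deployment would use an AEAD such as AES-GCM); the TMUI-to-IMUI table held by N and the value of the constant are assumptions, and K is taken as already agreed according to claim 1. The example also shows a caveat the claims leave open: the encrypt-and-compare check of claim 27 only works when Enc is deterministic, whereas the decrypt-and-compare check of claim 28 also works with an Enc that uses a fresh nonce.

```python
import hmac
import secrets

CONST = b"session-key-confirmation"   # the constant (const) of claims 26 to 28; value assumed


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stand-in for the cipher behind Enc."""
    blocks = (length + 31) // 32
    return b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256")
                    for i in range(blocks))[:length]


def enc(key, plaintext):
    """Enc: fresh 16-byte nonce, keystream XOR, then a MAC over nonce and ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.digest(key, b"tag" + nonce + ct, "sha256")
    return nonce + ct + tag


def dec(key, blob):
    """Inverse of enc; rejects any blob whose tag does not verify under key."""
    if len(blob) < 48:
        raise ValueError("Enc blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, b"tag" + nonce + ct, "sha256")):
        raise ValueError("Enc tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def n_build_m2(k, tmuio, identities):
    """N after M1 = (g^t, TMUIO): resolve the old temporary identity, mint TMUIN (claim 17)
    and form M2 = (VT5 = Enc_K(TMUIN), A = Enc_K(const)) (claims 17 and 26).
    `identities` is N's TMUI -> IMUI table, an assumption: the claims do not say how
    N resolves TMUIO. The old value is consumed so it cannot be replayed."""
    imui = identities.pop(tmuio)
    tmuin = secrets.token_bytes(4)
    identities[tmuin] = imui
    return {"VT5": enc(k, tmuin), "A": enc(k, CONST)}


def u_check_a_by_decrypt(k, m2):
    """Claim 28: decrypt A and compare the recovered constant (const') with const."""
    try:
        return hmac.compare_digest(dec(k, m2["A"]), CONST)
    except ValueError:
        return False


def u_check_a_by_encrypt(k, m2):
    """Claim 27: re-encrypt const and compare with A. Correct only for a deterministic
    Enc; with a fresh nonce per call the comparison fails even for the right K."""
    return hmac.compare_digest(enc(k, CONST), m2["A"])


def u_recover_tmuin(k, m2):
    """U after M2 (claim 17): decrypt VT5; TMUIN then goes into the third input variable."""
    return dec(k, m2["VT5"])


def u_build_m3(k, imui, signature_term):
    """U: M3 carries VT2 = Enc_K(IMUI) (claim 22) and the signature term, never the
    plaintext IMUI (claim 17)."""
    return {"VT2": enc(k, imui), "SIG": signature_term}


def n_read_m3(k, m3):
    """N after M3: decrypt VT2 to obtain IMUI (claim 22)."""
    return dec(k, m3["VT2"])


if __name__ == "__main__":
    k = secrets.token_bytes(32)                  # session key K, constructed stand-in
    table = {b"T-old": b"IMUI-0042"}             # constructed TMUI -> IMUI table at N
    m2 = n_build_m2(k, b"T-old", table)
    print("claim 28 check:", u_check_a_by_decrypt(k, m2))
    print("claim 27 check with randomised Enc:", u_check_a_by_encrypt(k, m2))
    m3 = u_build_m3(k, b"IMUI-0042", b"<signature term>")
    print("N recovers IMUI:", n_read_m3(k, m3), "TMUIN known to both:",
          table[u_recover_tmuin(k, m2)] == b"IMUI-0042")
```

A bit flipped anywhere in VT5 or VT2 makes dec raise rather than return garbage, which is what U and N need before they feed TMUIN or IMUI into the hash or the signature check.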



29. The method as claimed in one of claims 1 to 28,

- in which a response (A) is formed in the second computer unit (N) by applying a third hash function (h3) to an input variable which contains at least the session key (K), and

- in which the response (A) is checked in the first computer unit (U) by applying the third hash function (h3) to the input variable, which contains at least the session key (K), and comparing the result with the response (A).

30. The method as claimed in one of claims 1 to 29, in which the third message (M3) contains at least one optional second data field (dat2).

31. The method as claimed in one of claims 1 to 30, in which the first computer unit (U) is formed by a mobile communication terminal and/or the second computer unit (N) is formed by an authentication unit in a mobile communication network.
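The exchange of claims 1, 20 and 29 with both sides' computations, as an added example that is not code from the patent: U sends g^t in M1; N forms K = h1((g^t)^s, r) and returns r and A = h3(K) in M2; U forms K = h1((g^s)^t, r), checks A and signs the fourth input variable h2(g^t, g^s, r), which N verifies from M3. The group (the 1024-bit MODP group of RFC 2409) and the signature scheme (Schnorr in that group, standing in for Sig_U) are choices made here so the example runs on the Python standard library; the patent fixes neither. The bind_gt and mitm switches show why claim 1 requires the third input variable to determine the session key: if g^t is left out of what U signs, an attacker who substitutes its own g^t' in M1 gets N to accept U's signature for a key the attacker holds; with g^t included, N's verification fails.

```python
import hashlib
import secrets

# Group: the 1024-bit MODP group of RFC 2409; generator 2 has prime order Q = (P - 1) / 2.
# Chosen only so the example runs on the standard library; a deployment would use a
# larger group or an elliptic curve.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2


def elem(x):
    """Fixed-width encoding of a group element so that hash inputs are unambiguous."""
    return x.to_bytes(128, "big")


def h(tag, *parts):
    """h1, h2, h3 of the claims, realised as SHA-256 with a domain-separation tag."""
    m = hashlib.sha256(tag.encode())
    for part in parts:
        m.update(len(part).to_bytes(2, "big") + part)
    return m.digest()


def rand_exp():
    return secrets.randbelow(Q - 1) + 1


# Sig_U realised as a Schnorr signature in the same group (the claims name no scheme).
def sign(x, msg):
    k = rand_exp()
    r = pow(G, k, P)
    e = int.from_bytes(h("sig", elem(r), msg), "big") % Q
    return r, (k - x * e) % Q


def verify(y, msg, sig):
    r, s = sig
    e = int.from_bytes(h("sig", elem(r), msg), "big") % Q
    return pow(G, s, P) * pow(y, e, P) % P == r


def protocol_run(bind_gt=True, mitm=False):
    """One run of claims 1, 20 and 29. bind_gt=False leaves g^t out of the third input
    variable; mitm=True lets an attacker replace g^t in M1 with its own g^t'."""
    s, x_u = rand_exp(), rand_exp()            # N's secret network key, U's signing key
    g_s, y_u = pow(G, s, P), pow(G, x_u, P)    # long-service public keys, known to both

    t = rand_exp()
    g_t = pow(G, t, P)                          # U -> N : M1 = (g^t)
    t_att = rand_exp() if mitm else None
    g_t_at_n = pow(G, t_att, P) if mitm else g_t    # the first value N actually receives

    r = secrets.token_bytes(16)                 # N: second random number (claim 20)
    k_n = h("h1", elem(pow(g_t_at_n, s, P)), r)     # first term (g^t)^s
    a = h("h3", k_n)                            # N -> U : M2 = (r, A) (claim 29)

    k_u = h("h1", elem(pow(g_s, t, P)), r)      # second term (g^s)^t
    u_accepts_a = h("h3", k_u) == a             # U's check of A (claims 18 and 29)
    third = (elem(g_t), elem(g_s), r) if bind_gt else (elem(g_s), r)
    sig = sign(x_u, h("h2", *third))            # U -> N : M3 = (signature term)

    third_at_n = (elem(g_t_at_n), elem(g_s), r) if bind_gt else (elem(g_s), r)
    n_accepts_m3 = verify(y_u, h("h2", *third_at_n), sig)

    k_att = h("h1", elem(pow(g_s, t_att, P)), r) if mitm else None
    return {
        "keys_match": k_n == k_u,
        "u_accepts_a": u_accepts_a,
        "n_accepts_m3": n_accepts_m3,
        "attacker_knows_k_n": k_att == k_n,
    }


if __name__ == "__main__":
    print("honest run:", protocol_run())
    print("g^t replaced, g^t not signed:", protocol_run(bind_gt=False, mitm=True))
    print("g^t replaced, g^t signed:", protocol_run(bind_gt=True, mitm=True))
```

In the substitution runs U's check of A fails as well, so with claims 18 or 29 in force U would abort before sending M3; the point of bind_gt is what N can conclude from M3 on its own, which is all the base protocol of claim 1 gives it.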




32. An arrangement for the computer-aided interchange of cryptographic keys between a first computer unit (U) and a second computer unit (N), in which the first computer unit (U) and the second computer unit (N) are set up such that the following method steps can be carried out:

- a first value (g^t) is formed from a first random number (t) using a generating element (g) of a finite group in the first computer unit (U),

- a first message (M1) is transmitted from the first computer unit (U) to the second computer unit (N), the first message (M1) containing at least the first value (g^t),

- a session key (K) is formed in the second computer unit (N) using a first hash function (h1), a first input variable for the first hash function (h1) containing at least one first term which is formed by exponentiation of the first value (g^t) using a secret network key (s),

- the session key (K) is formed in the first computer unit (U) using the first hash function (h1), a second input variable for the first hash function (h1) containing at least one second term which is formed by exponentiation of a public network key (g^s) using the first random number (t),

- a fourth input variable is formed in the first computer unit (U) using a second hash function (h2) or the first hash function (h1), a third input variable for the first hash function (h1) or for the second hash function (h2) containing, for the purpose of forming the fourth input variable, one or more variables which can be used to infer the session key unambiguously,

- a signature term is formed in the first computer unit (U) from at least the fourth input variable using a first signature function (Sig_U),

- a third message (M3) is transmitted from the first computer unit (U) to the second computer unit (N), the third message (M3) containing at least the signature term from the first computer unit (U), and

- the signature term is verified in the second computer unit (N).
33. The arrangement as claimed in claim 32, in which the secret network key and/or the public network key is/are long-service keys (long-term keys).

34. The arrangement as claimed in claim 32 or 33, in which the first computer unit (U) and the second computer unit (N) are set up such that the third input variable contains a plurality of variables which can be used to infer the session key unambiguously.

35. The arrangement as claimed in one of claims 32 to 34, in which the first computer unit (U) and the second computer unit (N) are set up such that the variable or the variables contains or contain at least the first value (g^t) and/or the public network key (g^s).
36. The arrangement as claimed in one of claims 32 to 35, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method steps can be carried out:

- the first message (M1) contains an identity statement (id_CA) for a certification computer unit (CA) which delivers a network certificate (CertN) or a chain of certificates, the last of which is the network certificate (CertN), which can be verified by the first computer unit (U),

- a second message (M2) is transmitted from the second computer unit (N) to the first computer unit (U), the second message (M2) containing at least the network certificate (CertN) or the chain of certificates, the last of which is the network certificate (CertN), and

- the network certificate (CertN) or the chain of certificates, the last of which is the network certificate (CertN), is verified in the first computer unit (U).

37. The arrangement as claimed in claim 36, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method steps can be carried out:

- a third message (M3) is transmitted from the first computer unit (U) to the second computer unit (N), the third message (M3) containing a user certificate (CertU) or a chain of certificates, the last of which is the user certificate (CertU), and

- the user certificate (CertU) or the chain of certificates, the last of which is the user certificate (CertU), is verified in the second computer unit (N).
38. The arrangement as claimed in one of claims 32 to 37, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method steps can be carried out:

- the first message (M1) contains an identity variable (IMUI) for the first computer unit (U) and an identity statement (id_CA) for a certification computer unit (CA) which delivers to the first computer unit (U) a network certificate (CertN) which can be verified by the first computer unit (U),

- a fourth message (M4) is transmitted from the second computer unit (N) to the certification computer unit (CA), the fourth message (M4) containing at least the first value (g^t) as input variable, and

- a fifth message (M5), containing at least the network certificate (CertN) or a certificate chain, the last element of which is the network certificate (CertN), or the user certificate (CertU) or a certificate chain, the last element of which is the user certificate (CertU), is transmitted from the certification computer unit (CA) to the second computer unit (N).
39. The arrangement as claimed in one of claims 32 to 38, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method steps can be carried out:

- a fourth message (M4) is transmitted from the second computer unit (N) to the certification computer unit (CA), the fourth message (M4) containing at least the public network key (g^s), the first value (g^t) and the identity variable (IMUI) for the first computer unit (U) as input variable, and an output variable from a third hash function (h3) being signed using a second signature function (Sig_N) to form a first signed term,

- the first signed term is verified in the certification computer unit (CA),

- a third term, containing at least the first value (g^t), the public network key (g^s) and an identity statement (id_N) for the second computer unit (N), is formed in the certification computer unit (CA),

- a hash value for the third term is formed in the certification computer unit (CA) using a fourth hash function (h4),

- the hash value for the third term is signed in the certification computer unit (CA) using a third signature function (Sig_CA),

- a network certificate (CertN) containing at least the third term and the signed hash value for the third term is formed in the certification computer unit (CA),

- the fourth hash function (h4) is applied in the certification computer unit (CA) to a fifth term, containing at least the identity statement (id_N) for the second computer unit (N) and a user certificate (CertU),

- the hash value for the fifth term is signed using the secret certification key (cs) by means of the third signature function (Sig_CA), and the result represents the second signed term,

- a fifth message (M5), containing at least the network certificate (CertN), the fifth term and the second signed term, is transmitted from the certification computer unit (CA) to the second computer unit (N),

- the network certificate (CertN) and the second signed term are verified in the second computer unit (N),

- a fourth term, containing at least the public network key (g^s) and the signed hash value for the third term, is formed in the second computer unit (N),

- a second message (M2) is transmitted from the second computer unit (N) to the first computer unit (U), the second message (M2) containing at least the fourth term, and

- the network certificate (CertN) is verified in the first computer unit (U).
40. The arrangement as claimed in one of claims 33 to 39, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method steps can be carried out:

- the first message (M1) contains an identity variable (IMUI) for the first computer unit (U) and an identity statement (id_CA) for a certification computer unit (CA) which delivers to the first computer unit (U) a network certificate (CertN) or a chain of certificates, the last of which is the network certificate (CertN), which can be verified by the first computer unit (U),

- a fourth message (M4) is transmitted from the second computer unit (N) to the certification computer unit (CA), the fourth message (M4) containing at least one certificate for the public network key (g^s), the first value (g^t) and the identity variable (IMUI) for the first computer unit (U),

- a third term, containing at least one public network key (g^s) or a variable which determines the public network key (g^s) unambiguously, is formed in the certification computer unit (CA),

- a hash value for the third term is formed in the certification computer unit (CA) using a fourth hash function (h4),

- the hash value for the third term is signed in the certification computer unit (CA) using a third signature function (Sig_CA),

- a fifth message (M5), containing at least the signed hash value for the third term, is transmitted from the certification computer unit (CA) to the second computer unit (N),

- the signed hash value for the third term is verified in the second computer unit (N),

- a second message (M2) is transmitted from the second computer unit (N) to the first computer unit (U), the second message (M2) containing at least the signed hash value for the third term, and

- the signed hash value for the third term is verified in the first computer unit (U).
41. The arrangement as claimed in claim 40, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method step can be carried out: the third term contains the public user signature key (KU) or a variable which determines the user signature key (KU) unambiguously.



42. The arrangement as claimed in claim 40 or 41, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method step can be carried out: the fifth message (M5) and the second message (M2) contain at least one chain of certificates.

43. The arrangement as claimed in one of claims 38 to 42, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method step can be carried out: the fifth term has a time stamp (TS).

44. The arrangement as claimed in one of claims 38 to 43, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method step can be carried out: the third term has a time stamp (TS).



45. The arrangement as claimed in one of claims 38 to 44, in which the first computer unit (U) and the second computer unit (N) are set up such that the following method steps can be carried out:

- an intermediate key (L) is formed in the first computer unit (U), before formation of the first message (M1), by exponentiation of a public key declaration key (g^u) using the first random number (t),

- a second encrypted term (VT2) is formed in the first computer unit (U), before formation of the first message (M1), from the identity variable (IMUI) for the first computer unit (U) by encrypting the identity variable (IMUI) with the intermediate key (L) using an encryption function (Enc),

- the first message (M1) contains the second encrypted term (VT2) instead of the identity variable (IMUI) for the first computer unit (U), and

- the fourth message (M4) contains the second encrypted term (VT2) instead of the identity variable (IMUI) for the first computer unit (U).
46. The arrangement as claimed in one of claims 38 to
45,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:
- the network certificate (CertN) or a certificate
chain, the last element of which is the network
certificate (CertN), or the user certificate
(CertU) or a certificate chain, the last element
of which is the user certificate (CertU), is
encrypted with L in the fifth message (M5).






47. The arrangement as claimed in one of claims 38 to
46,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:
at least one of the variables, the identity
statement for the second computer unit (N), the
identity variable (IMUI) for the first computer
unit (U), the public network key (g^s), the
network certificate (CertN) or the user
certificate (CertU), is checked in the
certification computer unit (CA) using a
revocation list.

GR 98 P 1764

48. The arrangement as claimed in one of claims 32 to
47,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:

- the first message (M1) contains at least one old
temporary identity variable (TMUIO) for the
first computer unit (U),

- a new temporary identity variable (TMUIN) is
formed for the first computer unit (U) in the
second computer unit (N) after the first message
(M1) has been received and before the second
message (M2) is formed,

- a fifth encrypted term (VT5) is formed from the
new temporary identity variable (TMUIN) for the
first computer unit (U) by encrypting the new
temporary identity variable (TMUIN) for the
first computer unit (U) with the session key (K)
using the encryption function (Enc),

- the second message (M2) contains at least the
fifth encrypted term (VT5),

- the fifth encrypted term (VT5) is decrypted in
the first computer unit (U) after the second
message (M2) has been received and before the
fourth input variable is formed,

- the third input variable for the first hash
function (h1) or for the second hash function
(h2) contains at least the new temporary
identity variable (TMUIN) for the first computer
unit (U) for the purpose of forming the fourth
input variable, and

- the third message (M3) does not contain the
identity variable (IMUI) for the first computer
unit (U).
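The identity-protection steps of claims 45 and 48, worked as an added example that is not part of the patent and not the applicant's code. On the first attach U hides IMUI under the intermediate key L = (g^u)^t, which N recovers as (g^t)^u; on every attach N issues a fresh temporary identity TMUIN under the session key K, so later first messages carry only TMUIO. The toy group, the SHA-256 stand-ins for h1 and Enc, the name u for the exponent behind the public key declaration key g^u, and the per-term labels given to Enc are all assumptions; the claims specify none of them.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Toy Diffie-Hellman group (assumption, illustration only); a real
# deployment uses a standard group such as an RFC 3526 MODP group.
P = 2**127 - 1   # prime modulus
G = 3            # generating element g


def ibytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def h1(*parts: bytes) -> int:
    """Stand-in for h1: labelled SHA-256 over length-prefixed inputs."""
    ctx = hashlib.sha256(b"h1")
    for part in parts:
        ctx.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(ctx.digest(), "big")


def enc(key: int, term: bytes, data: bytes) -> bytes:
    """Stand-in for Enc: XOR with a SHA-256 keystream bound to the key and
    to a per-term label, so VT2 and VT5 under one key never share
    keystream (assumption; a real Enc would be an AEAD with a nonce)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(b"enc" + term + ibytes(key)
                                 + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


dec = enc  # XOR keystream: decryption is the same operation


class Network:
    """Second computer unit N. Holds the secret network key s and the
    exponent u behind the public key declaration key g^u (assumption)."""

    def __init__(self) -> None:
        self.s = secrets.randbelow(P - 2) + 1
        self.u = secrets.randbelow(P - 2) + 1
        self.g_s = pow(G, self.s, P)   # public network key g^s (in CertN)
        self.g_u = pow(G, self.u, P)   # public key declaration key g^u
        self.subscribers = {}          # temporary identity -> IMUI

    def receive_m1(self, g_t: int, vt2: Optional[bytes],
                   tmuio: Optional[bytes]) -> Tuple[bytes, bytes, int]:
        if vt2 is not None:
            # Claim 45: L = (g^t)^u on the network side; decrypt IMUI.
            imui = dec(pow(g_t, self.u, P), b"VT2", vt2)
        else:
            # Claim 48: a re-attaching U is identified by its old TMUI.
            imui = self.subscribers.pop(tmuio)
        K = h1(ibytes(pow(g_t, self.s, P)))     # K = h1((g^t)^s)
        # Claim 48: fresh TMUIN, sent under K as VT5 before M2 is formed.
        tmuin = secrets.token_bytes(8)
        self.subscribers[tmuin] = imui
        return imui, enc(K, b"VT5", tmuin), K


class User:
    """First computer unit U with its permanent identity IMUI."""

    def __init__(self, imui: bytes) -> None:
        self.imui = imui
        self.tmui: Optional[bytes] = None   # none before the first attach
        self.t = 0

    def make_m1(self, g_u: int) -> Tuple[int, Optional[bytes], Optional[bytes]]:
        self.t = secrets.randbelow(P - 2) + 1
        g_t = pow(G, self.t, P)             # first value g^t
        if self.tmui is None:
            # Claim 45: L = (g^u)^t; M1 carries VT2 = Enc_L(IMUI), not IMUI.
            return g_t, enc(pow(g_u, self.t, P), b"VT2", self.imui), None
        # Claim 48: later attaches send the old temporary identity instead.
        return g_t, None, self.tmui

    def receive_m2(self, g_s: int, vt5: bytes) -> int:
        K = h1(ibytes(pow(g_s, self.t, P)))     # K = h1((g^s)^t)
        # TMUIN is recovered before the fourth input variable is formed, so
        # it can be bound into the signed hash and M3 need not carry IMUI.
        self.tmui = dec(K, b"VT5", vt5)
        return K


def attach(user: User, net: Network) -> dict:
    """One M1/M2 round; reports what each side ended up with."""
    g_t, vt2, tmuio = user.make_m1(net.g_u)
    imui_at_n, vt5, k_n = net.receive_m1(g_t, vt2, tmuio)
    k_u = user.receive_m2(net.g_s, vt5)
    return {"m1_carries": "TMUIO" if vt2 is None else "VT2", "vt2": vt2,
            "imui_at_n": imui_at_n, "keys_match": k_n == k_u,
            "tmui": user.tmui}
```

An eavesdropper on M1 sees g^t and knows g^u from the network's published declaration key, but L = g^(tu) is a Diffie-Hellman value it cannot form, so IMUI stays hidden on the first attach and only an unlinkable TMUI appears afterwards. The privacy property rests on u staying secret in N; it gives no authentication on its own, which is what the signature term in M3 and the certificates are for.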



49. The arrangement as claimed in one of claims 32 to
48,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:

- a response (A) containing information about the
session key (K) is formed in the second computer
unit (N),

- a second message (M2) is transmitted from the
second computer unit (N) to the first computer
unit (U), the second message (M2) containing at
least the response (A), and

- the session key (K) is checked in the first
computer unit (U) using the response (A).
50. The arrangement as claimed in one of claims 32 to
49,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:
the third message (M3) contains an identity
variable (IMUI) for the first computer unit (U).



51. The arrangement as claimed in one of claims 32 to
48,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:

- the first input variable for the first hash
function (h1) contains at least one second
random number (r) in the second computer unit
(N),

- the second message (M2) contains the second
random number (r), and

- the second input variable for the first hash
function (h1) contains at least the second
random number (r) in the first computer unit
(U).



52. The arrangement as claimed in one of claims 32 to
47,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
variable or the variables as claimed in claim 34
contains or contain the second random number (r).

53. The arrangement as claimed in one of claims 32 to
51,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:

- a second encrypted term (VT2) is formed in the
first computer unit (U), before formation of the
third message (M3), from the identity variable
(IMUI) for the first computer unit (U) by
encrypting at least the identity variable (IMUI)
with the session key (K) using the encryption
function (Enc),

- the third message (M3) contains the second
encrypted term (VT2), and

- the second encrypted term (VT2) is decrypted in
the second computer unit (N) after the third
message (M3) has been received.
54. The arrangement as claimed in one of claims 32 to
53,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:

- the second message (M2) contains an optional
first data field (dat1), and

- the third input variable for the first hash
function (h1) or for the second hash function
(h2) contains at least the optional first data
field (dat1) for the purpose of forming the
fourth input variable.

55. The arrangement as claimed in one of claims 32 to
54,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:

- a third encrypted term (VT3) is formed in the
first computer unit (U), before formation of the
third message (M3), by encrypting at least one
optional second data field (dat2) with the
session key (K) using the encryption function
(Enc),

- the third message (M3) contains at least the
third encrypted term (VT3), and

- the third encrypted term (VT3) is decrypted in
the second computer unit (N) after the third
message (M3) has been received.

56. The arrangement as claimed in one of claims 32 to
55,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:

- a first encrypted term (VT1) is formed in the
first computer unit (U), before formation of the
third message (M3), by encrypting at least the
signature term using the encryption function
(Enc),

- the third message (M3) contains the first
encrypted term (VT1), and

- the first encrypted term (VT1) is decrypted in
the second computer unit (N) after the third
message (M3) has been received and before the
signature term is verified.

57. The arrangement as claimed in one of claims 32 to
56,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:
a response (A) is formed in the second computer
unit (N) by encrypting a constant (const), and
possibly further variables, which are known in the
second computer unit (N) and in the first computer
unit (U), with the session key (K) using the
encryption function (Enc).

58. The arrangement as claimed in one of claims 44 to
57,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:
the response (A) is checked in the first computer
unit (U) by encrypting a constant (const), and
possibly further variables, with the session key
(K) using the encryption function (Enc) and
comparing the result with the response (A).
59. The arrangement as claimed in one of claims 44 to
57,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:
the response (A) is checked in the first computer
unit (U) by decrypting the response (A) with the
session key (K) using the encryption function
(Enc) and comparing a decrypted constant (const'),
and possibly further variables, with a constant
(const).

60. The arrangement as claimed in one of claims 32 to
59,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:

- a response (A) is formed in the second computer
unit (N) by applying a third hash function (h3)
to an input variable which contains at least the
session key (K), and

- the response (A) is checked in the first
computer unit (U) by applying the third hash
function (h3) to an input variable, which
contains at least the session key (K), and
comparing the result with the response (A).
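The key-confirmation round of claims 49, 51 and 60, worked as an added example that is not part of the patent and not the applicant's code. N draws the second random number r, derives K = h1((g^t)^s, r), and returns r together with the response A = h3(K) in M2; U derives K = h1((g^s)^t, r) and accepts the session key only if its own h3(K) matches A. The toy group, the labelled SHA-256 stand-ins for h1 and h3, and the size of r are assumptions; the claims fix none of them.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

P = 2**127 - 1   # toy modulus (assumption); use a standard group in practice
G = 3            # generating element g


def ibytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def labelled_hash(label: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a label and length-prefixed inputs. The label keeps h1
    and h3 distinct functions even when their inputs coincide (assumption:
    the claims leave h1 and h3 unspecified)."""
    ctx = hashlib.sha256(label)
    for part in parts:
        ctx.update(len(part).to_bytes(4, "big") + part)
    return ctx.digest()


def network_side(s: int, g_t: int) -> Tuple[bytes, bytes, bytes]:
    """N: draw r, form K = h1((g^t)^s, r) (claim 51) and A = h3(K)
    (claim 60); M2 carries r and A (claims 49 and 51)."""
    r = secrets.token_bytes(16)
    K = labelled_hash(b"h1", ibytes(pow(g_t, s, P)), r)
    A = labelled_hash(b"h3", K)
    return K, r, A


def user_side(t: int, g_s: int, r: bytes, A: bytes) -> Optional[bytes]:
    """U: form K = h1((g^s)^t, r) and accept it only if h3(K) equals A
    (claims 49 and 60). Constant-time compare avoids a timing oracle."""
    K = labelled_hash(b"h1", ibytes(pow(g_s, t, P)), r)
    if not hmac.compare_digest(labelled_hash(b"h3", K), A):
        return None          # key confirmation failed: reject the session
    return K


def run(tamper_r: bool = False) -> Tuple[bytes, Optional[bytes]]:
    """Full M1/M2 round. With tamper_r, an on-path attacker flips one bit
    of r in M2; U then derives a different K and must reject A."""
    s = secrets.randbelow(P - 2) + 1
    g_s = pow(G, s, P)                  # public network key (from CertN)
    t = secrets.randbelow(P - 2) + 1
    g_t = pow(G, t, P)                  # first value, sent in M1
    K_n, r, A = network_side(s, g_t)
    if tamper_r:
        r = bytes([r[0] ^ 0x01]) + r[1:]
    K_u = user_side(t, g_s, r, A)
    return K_n, K_u
```

A matching A tells U that whoever formed M2 derived the same K from g^t, which requires the secret network key s; that is network-to-user key confirmation, and it only authenticates N if U obtained g^s from a verified CertN. The Enc-based responses of claims 57 to 59 are checked the same way, either by re-encrypting const under K and comparing (claim 58) or by decrypting A and comparing the recovered const' with const (claim 59); in both variants the comparison should be constant-time, as above.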

61. The arrangement as claimed in one of claims 32 to
60,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:
the third message (M3) contains at least one
optional second data field (dat2).



62. The arrangement as claimed in one of claims 32 to
61,

in which the first computer unit (U) and the
second computer unit (N) are set up such that the
following method steps can be carried out:
the first computer unit (U) is formed by a mobile
communication terminal and/or the second computer
unit (N) is formed by an authentication unit in a
mobile communication network.



